Source Code Enumeration Detection by Keyword
Detects source code enumeration that use GET requests by keyword searches in URL strings
Sigma rule (View on GitHub)
1title: Source Code Enumeration Detection by Keyword
2id: 953d460b-f810-420a-97a2-cfca4c98e602
3status: test
4description: Detects source code enumeration that use GET requests by keyword searches in URL strings
5references:
6 - https://pentester.land/tutorials/2018/10/25/source-code-disclosure-via-exposed-git-folder.html
7 - https://medium.com/@logicbomb_1/bugbounty-how-i-was-able-to-download-the-source-code-of-indias-largest-telecom-service-52cf5c5640a1
8author: James Ahearn
9date: 2019-06-08
10modified: 2022-10-05
11tags:
12 - attack.discovery
13 - attack.t1083
14logsource:
15 category: webserver
16detection:
17 keywords:
18 - '.git/'
19 condition: keywords
20fields:
21 - client_ip
22 - vhost
23 - url
24 - response
25falsepositives:
26 - Unknown
27level: medium
References
-
Hi, I recently found a .git folder exposed on a public bug bounty program and used it to reconstruct the Web app’s source code. I can’t disclose specific details yet, but wanted to share with you this tutorial on how to find and exploit this kind of bugs. .git exposure can pay well or not, depending on the assets found. But it is interesting anyway because: It is very easy to detect Analyzing the source code can reveal other vulnerabilities that are even more critical and interesting The process is the same whether you have a list of targets during a penetration test, or a broad scope (like *.
Read More
Related rules
- Capabilities Discovery - Linux
- Cisco Discovery
- DirLister Execution
- File and Directory Discovery - Linux
- File and Directory Discovery - MacOS